IT Controls 2-20

  • ITGCs
    • Share everything from configuration management to password policy, application development to user account creation
    • Govern how technology is acquired and developed or how security protocols are rolled out across the enterprise
  • Without ITGCs, employees can't rely on data and reports that IT systems provide
  • ITGCs
    • Govern the technology that other parts of the enterprise use to do their jobs
  • Tasks governed by ITGCs
    • Creation of accounts or users
    • Software lifecycle management
    • Patch management
    • Password management
    • Audit logs
  • Application Controls
    • Help ensure data accuracy, completeness, validity, verifiability, and consistency, thus achieving data integrity and data reliability
  • Application controls ensure proper coverage and the confidentiality, integrity, and availability of the application and its associated data
  • With the appropriate application controls, businesses and organizations greatly reduce the risks and threats associated with application usage, because applications are prevented from executing if they put the network or sensitive data at risk
  • Activities an IS auditor should perform when reviewing application controls
    • Identify the significant application components and the flow of transactions through the system and gain a detailed understanding of the application by reviewing the available documentation and interviewing the appropriate personnel
    • Identify the application control strength and evaluate the impact of the control weakness
    • Develop a testing strategy
    • Test the controls to ensure their functionality and effectiveness by applying appropriate audit procedures
    • Evaluate the control environment by analyzing the test results and other audit evidence to determine that control objectives were achieved
    • Consider the operational aspects of the application to ensure its efficiency and effectiveness by comparing the system with efficient system design standards, analyzing procedures used, and comparing them to management's objective for the system
  • When auditing application controls, an IS auditor should
    • Plan the audit, set audit objectives, and identify risk associated with the application being audited
    • Identify the significant components and flow of information through the system and gain a detailed understanding of the application by reviewing the available documentation and interviewing appropriate personnel
    • Developing a data flow diagram (DFD) can help visualize the flow of information